A Windows XP SP3 computer had one of those fake Windows antivirus malware programs. Got Malwarebytes installed and it seemed to get rid of it. Here's that mbam log file:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

5/17/2010 4:06:03 PM
mbam-log-2010-05-17 (16-06-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 165494
Time elapsed: 57 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avpcbvim (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avpcbvim (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kevin\Local Settings\Application Data\cmuutfqjp\oifmfhstssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Local Settings\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Local Settings\Application Data\asam.exe (Trojan.Agent) -> Quarantined and deleted successfully.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

But now the computer won't access the Internet. This error message opens when I attempt to open Firefox:

XULRunner Error: Platform version '1.9.0.5' is not compatible with minVersion >= 1.9.0.19 maxVersion >= 1.9.0.19

- - - - - - - - - - - - - - -

IE opens but displays the generic "Internet Explorer cannot display the web page."

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

MBAM can't download updates. Spybot won't install because it can't access the Internet (Error sending Request. The server name or address could not be resolved).

Based on this thread, I ran ComboFix (http://forums.afterdawn.com/thread_view.cfm/724548). Here's the ComboFix log:

ComboFix 10-05-16.06 - Kevin 05/18/2010 10:06:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.588 [GMT -6:00]
Running from: q:\downloads\Virus Cleanup Utilities\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Kevin\g2mdlhlpx.exe
c:\documents and settings\Kevin\Local Settings\Application Data\syssvc.exe
c:\windows\system32\Vb40032.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.
2010-05-17 22:18 . 2010-05-17 22:18 -------- d-----w- c:\program files\Trend Micro
2010-05-17 22:18 . 2010-05-17 22:17 812344 ----a-w- c:\temp\HJTInstall.exe
2010-05-17 21:04 . 2010-05-17 21:04 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes
2010-05-17 21:04 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-17 21:04 . 2010-05-17 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 21:04 . 2010-05-17 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-17 21:04 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 20:59 . 2010-05-17 20:55 6153352 ----a-w- c:\temp\mbam-setup-1.46.exe
2010-05-17 20:59 . 2010-05-17 20:57 16409960 ----a-w- c:\temp\spybotsd162.exe
2010-05-17 20:59 . 2010-05-17 22:19 -------- d-----w- C:\temp
2010-05-17 20:38 . 2010-05-17 22:06 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\cmuutfqjp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 15:13 . 2008-04-02 20:47 -------- d-----w- c:\program files\ShortKeys2
2010-05-06 15:19 . 2008-03-18 21:39 69416 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 15:18 . 2008-03-18 01:03 69416 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-07 23:12 . 2008-04-03 17:36 -------- d-----w- c:\program files\FloorEstimator80
2010-03-30 22:38 . 2008-03-18 01:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-30 15:42 . 2009-11-11 16:00 79488 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-19 18:52 . 2008-03-18 21:31 -------- d-----w- c:\program files\ACT
2008-04-03 17:02 . 2008-04-03 17:02 336 ----a-w- c:\program files\temp995.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DBISQL9"="c:\qfloors\beta\hp\sybase9\win32\dbisqlg.exe" [2009-09-07 144688]
"SybaseCentral43"="c:\qfloors\beta\hp\sybase9\shared\Sybase Central 4.3\win32\scjview.exe" [2009-09-07 136496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-01 148888]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 17:01 8704 ----a-w- c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DataApples\\BeyondRemote\\BRServer.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=

R2 ASANYs_QServer;Adaptive Server Anywhere - QServer;c:\qfloors\Beta\HP\Sybase9\win32\dbsrv9.exe -hvASANYs_QServer --> c:\qfloors\Beta\HP\Sybase9\win32\dbsrv9.exe -hvASANYs_QServer [?]
R2 QRMail;QMailer;c:\qfloors\QReporter\QMailer.exe [10/31/2007 10:40 AM 173056]
R2 WS32Svc;WinSched Service;c:\qfloors\QTools\WS32Server.exe [8/30/2009 10:37 PM 5646336]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.qfloors.com/
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wb0hst4d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.qfloors.com/
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
AddRemove-Beyond Remote Console and Host - c:\progra~1\DATAAP~1\BEYOND~1\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 10:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beyond Remote Server]
"ImagePath"="c:\progra~1\DATAAP~1\BEYOND~1\BRServer.exe /startedbyscm:BB15F9CE-40E2BDD5-BRNTService"
.
Completion time: 2010-05-18 10:11:55
ComboFix-quarantined-files.txt 2010-05-18 16:11

Pre-Run: 59,537,301,504 bytes free
Post-Run: 60,846,280,704 bytes free

- - End Of File - - 3B1EA559B78EFF67827DB7C33749FB10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Still can't access the Internet. When I try to run a Command window (Start > Run > Command), I get this error:

16-bit MS-DOS Subsystem
C:\WINDOWS\system32\command.com
C:\PROGRA~1\Symantec\S32EVNT1.DLL. An installable Virtual Device Driver failed Dll initialization. Choose 'Close' to terminate the application.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Here's the latest MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/18/2010 10:02:06 AM
mbam-log-2010-05-18 (10-02-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 167692
Time elapsed: 34 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Here's the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:53 AM, on 5/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\QFloors\Beta\HP\Sybase9\win32\dbsrv9.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\DATAAP~1\BEYOND~1\BRServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\QFloors\QReporter\QMailer.exe
C:\WINDOWS\system32\svchost.exe
C:\QFloors\QTools\WS32Server.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\qfloors\beta\hp\sybase9\win32\dbisqlg.exe
C:\qfloors\beta\hp\sybase9\shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfloors.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DBISQL9] c:\qfloors\beta\hp\sybase9\win32\dbisqlg.exe -preload
O4 - HKCU\..\Run: [SybaseCentral43] "c:\qfloors\beta\hp\sybase9\shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SmartUI.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205792109887
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207236443609
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adaptive Server Anywhere - QServer (ASANYs_QServer) - iAnywhere Solutions, Inc. - C:\QFloors\Beta\HP\Sybase9\win32\dbsrv9.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Beyond Remote Server - Data Apples Corporation - C:\PROGRA~1\DATAAP~1\BEYOND~1\BRServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: QMailer (QRMail) - Unknown owner - C:\QFloors\QReporter\QMailer.exe
O23 - Service: WinSched Service (WS32Svc) - WinSched Software Corp - C:\QFloors\QTools\WS32Server.exe

--
End of file - 6453 bytes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I appreciate your looking into this and helping! Hopefully I've provided you with what you need to get me in the right direction.
More than likely the IP stack is corrupted. Resetting that should fix your issue. After that you would have to reboot the computer. There is an easy way to do it on the Hiren's boot CD. Or you can use the netsh commands. I just can't remember them off the top of my head.
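The netsh commands the reply refers to, as an added example that is not part of the thread: a batch file that first tells "no network at all" apart from "name resolution broken" (the OP's Spybot error was "server name or address could not be resolved"), records the Winsock catalog and IE proxy setting so there is something to compare against after the reset, and then runs the XP-era `netsh winsock reset` and `netsh int ip reset` (on XP the reset log path argument is required). It assumes an Administrator account on XP SP2 or later, English-locale `ipconfig` output for the gateway parse, and www.malwarebytes.org as the test hostname; none of those choices come from the thread. It does nothing about the Firefox XULRunner version error, which is a Firefox install problem rather than a networking one.

```batch
@echo off
REM Added example, not from the thread. Run from an Administrator account
REM on XP SP2 or later; reboot afterwards (the stack reset needs it).
REM Assumptions: English-locale ipconfig output; www.malwarebytes.org as
REM the resolution test host; a log is written to %TEMP%.
setlocal
set LOG=%TEMP%\netfix-%RANDOM%.txt

echo === Before reset: adapters, Winsock catalog, IE proxy setting === > "%LOG%"
ipconfig /all >> "%LOG%"
netsh winsock show catalog >> "%LOG%"
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable >> "%LOG%" 2>&1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer >> "%LOG%" 2>&1

REM Pull the default gateway (only lines that actually carry an address),
REM so a dead link can be told apart from a DNS-only failure.
set GW=
for /f "tokens=2 delims=:" %%g in ('ipconfig ^| findstr /i /r "Default Gateway.*: *[0-9]"') do set GW=%%g
if not defined GW (
    echo No default gateway: fix the adapter/DHCP side first, then reset.
    goto :reset
)
set GW=%GW: =%

ping -n 2 %GW% >nul
if errorlevel 1 (
    echo Gateway %GW% unreachable: link, driver or IP-stack problem.
) else (
    echo Gateway %GW% reachable.
)

REM ping reports "could not find host" only when resolution itself fails,
REM which is the symptom the Spybot installer complained about.
ping -n 1 www.malwarebytes.org 2>&1 | findstr /i /c:"could not find host" >nul
if not errorlevel 1 (
    echo Name resolution FAILED for www.malwarebytes.org.
) else (
    echo Name resolution OK, or the host is up but not answering ICMP.
)

:reset
echo Resetting Winsock catalog and TCP/IP stack; details in %LOG%
netsh winsock reset >> "%LOG%"
netsh int ip reset "%TEMP%\resetlog.txt" >> "%LOG%"
ipconfig /flushdns >> "%LOG%"
echo Done. Reboot, then run ipconfig /all and compare with %LOG%.
endlocal
```

The "before" section matters more than it looks: if the catalog listing shows a third-party Layered Service Provider that was not there before the infection, or ProxyEnable is 1 with a ProxyServer you did not set, that explains the "cannot display the web page" symptom on its own, and the reset (plus clearing the proxy in Internet Options) is the fix rather than a reformat.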
Thanks! After no reply here and not finding anything on my own, we just recently decided to reformat the hard disk and start from scratch - sometimes the best thing when it comes to these things anyway. But your info may prove helpful in the future!